5081 matches found
CVE-2014-10391
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...
PT-2025-22527 · Unknown · Group-Office
Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.119 and 25.0.20 Description: A stored and blind XSS issue exists in the Phone Number field of the user profile within the Group-Office application. This allows a malicious actor to inject persistent JavaScri...
CVE-2002-1806
Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...
CVE-2002-1805
Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...
CVE-2005-4204
Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS...
CVE-2005-1592
Multiple "javascript vulnerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript...
CVE-2025-44108
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently...
CVE-2025-45754
A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...
phpList < 3.6.16 XSS Vulnerability
phpList is prone to a cross-site scripting (XSS) vulnerability.
CVE-2025-4126
The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's series shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcodetitle function. This makes it possib...
CVE-2025-44024
Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process...
CVE-2025-43567
Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containin...
Cross-Site Scripting (XSS)
@lumieducation/h5p-server is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the omission of the sanitizeHtml function call for plain text strings, which allows attackers to inject malicious HTML or JavaScript code...
PT-2025-21258
Name of the Vulnerable Software and Affected Versions: EG-Series plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's series shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2025-21219 · IBM · IBM WebSphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...
CVE-2025-44024
The CVE-2025-44024 entry concerns the Pichome system (v2.1.0 and earlier) with an XSS flaw in the login form caused by insufficient input sanitization. The vulnerable component is the login process where attacker-controlled inputs in the username or password fields can inject malicious JavaScript...